switch from nixops to morph

2021-10-03 14:18:57 +02:00 · 2021-10-03 14:18:57 +02:00 · e3d7af5fc7
commit e3d7af5fc7
parent d4d6918d70
7 changed files with 11 additions and 35 deletions
--- a/.envrc
+++ b/.envrc
@ -1,2 +1 @@
 export NIX_USER_CONF_FILES=$PWD/nix/nix.conf
 use nix
--- a/README.md
+++ b/README.md
@ -79,7 +79,7 @@ Thanks to Cachix for sponsoring our binary cache!
 * ./build\d+ - build machines
 * ./ci.sh - What is executed by CI
-* ./deploy - NixOps deploy script
+* ./deploy - Deploy script
 * ./nix - pinned Nix dependencies and overlays
 * ./roles - shared NixOS configuration modules
 * ./secrets - git-crypt encrypted secrets
--- a/15
+++ b/15
@ -2,17 +2,4 @@
 #! nix-shell ./shell.nix -i bash
 set -euo pipefail
-options=(
+morph deploy ./deployment.nix "$@" switch
  --option extra-substituters "https://nix-community.cachix.org"
  --option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 )
 mkdir -p state
 if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then
  nixops create ./deployment.nix \
    "${options[@]}" \
    --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE"
 fi
 nixops deploy "${options[@]}" "$@"
--- a/deployment.nix
+++ b/deployment.nix
@ -18,6 +18,10 @@ let
 in
 {
  network.description = "nix-community infra";
  network.nixConfig = {
    extra-substituters = "https://nix-community.cachix.org";
    binary-cache-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
  };
  build01 = { ... }: {
    imports = [
--- a/nix/overlays.nix
+++ b/nix/overlays.nix
@ -4,10 +4,8 @@ let
      git-crypt
      niv
      sops
      morph
      sources;
    nixopsUnstable =
      let nixopsPkgs = import sources.nixops-nixpkgs {};
      in (nixopsPkgs.nixopsUnstable.withPlugins (ps: [ ]));
    terraform = pkgs.terraform_1_0.withPlugins (
      p: [
--- a/nix/sources.json
+++ b/nix/sources.json
@ -23,18 +23,6 @@
        "url": "https://github.com/timokau/marvin-mk2/archive/b3dd8c02a5c01dcf0e9cc8789846a0ec980f534b.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixops-nixpkgs": {
        "branch": "master",
        "description": "Nix Packages collection",
        "homepage": "",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "f2f8e282",
        "sha256": "1gflpsgagg487xj5p9911b7pvqh2vmw7vfg4hi6pnbrqkilm5kj6",
        "type": "tarball",
        "url": "https://github.com/nixos/nixpkgs/archive/f2f8e282.tar.gz",
        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
    },
    "nixpkgs": {
        "branch": "nixos-unstable-small",
        "description": "Nix Packages collection",
--- a/shell.nix
+++ b/shell.nix
@ -5,9 +5,8 @@ let
 in
 pkgs.mkShell {
  NIX_PATH = "nixpkgs=${toString pkgs.path}";
-
+  # required for morph
-  NIXOPS_DEPLOYMENT = "nix-community-infra";
+  SSH_USER = "root";
  NIXOPS_STATE = toString ./state/deployment-state.nixops;
  sopsPGPKeyDirs = [
    "./keys"
@ -16,9 +15,9 @@ pkgs.mkShell {
  buildInputs = with pkgs.nix-community-infra; [
    git-crypt
    niv
    nixopsUnstable
    terraform
    sops
    morph
    (pkgs.callPackage sources.sops-nix {}).sops-import-keys-hook
  ];
@ -29,5 +28,6 @@ pkgs.mkShell {
  shellHooks = ''
    export CLOUDFLARE_API_TOKEN=$(< ./secrets/cloudflare-api-token)
    export NIX_USER_CONF_FILES="$(pwd)/nix/nix.conf";
  '';
 }
`@ -1,2 +1 @@`
	`export NIX_USER_CONF_FILES=$PWD/nix/nix.conf`
	`use nix`	`use nix`